Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-115:Misinterpretation of Input
Weakness ID:115
Version:v4.17
Weakness Name:Misinterpretation of Input
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Incomplete
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
▼Description

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

▼Extended Description

▼Alternate Terms
▼Relationships
Relevant to the view"Research Concepts - (1000)"
NatureMappingTypeIDName
ChildOfAllowed-with-ReviewC436Interpretation Conflict
Nature: ChildOf
Mapping: Allowed-with-Review
Type: Class
ID: 436
Name: Interpretation Conflict
▼Memberships
NatureMappingTypeIDName
MemberOfProhibitedC438Behavioral Problems
MemberOfProhibitedC977SFP Secondary Cluster: Design
MemberOfProhibitedC1398Comprehensive Categorization: Component Interaction
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 438
Name: Behavioral Problems
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 977
Name: SFP Secondary Cluster: Design
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1398
Name: Comprehensive Categorization: Component Interaction
▼Tags
NatureMappingTypeIDName
MemberOfProhibitedBSBOSS-294Not Language-Specific Weaknesses
MemberOfProhibitedBSBOSS-315Unexpected State (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-294
Name: Not Language-Specific Weaknesses
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-315
Name: Unexpected State (impact)
▼Relevant To View
Relevant to the view"Software Development - (699)"
NatureMappingTypeIDName
MemberOfProhibitedC438Behavioral Problems
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 438
Name: Behavioral Problems
Relevant to the view"Software Fault Pattern (SFP) Clusters - (888)"
NatureMappingTypeIDName
MemberOfProhibitedC977SFP Secondary Cluster: Design
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 977
Name: SFP Secondary Cluster: Design
▼Background Detail

▼Common Consequences
ScopeLikelihoodImpactNote
IntegrityN/AUnexpected State
N/A
Scope: Integrity
Likelihood: N/A
Impact: Unexpected State
Note:
N/A
▼Potential Mitigations
▼Modes Of Introduction
Phase: Architecture and Design
Note:

N/A

Phase: Implementation
Note:

N/A

▼Applicable Platforms
Languages
Class: Not Language-Specific(Undetermined Prevalence)
▼Demonstrative Examples
▼Observed Examples
ReferenceDescription
CVE-2005-2225
Product sees dangerous file extension in free text of a group discussion, disconnects all users.
CVE-2001-0003
Product does not correctly import and process security settings from another product.
Reference: CVE-2005-2225
Description:
Product sees dangerous file extension in free text of a group discussion, disconnects all users.
Reference: CVE-2001-0003
Description:
Product does not correctly import and process security settings from another product.
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      OrdinalityDescription
      ▼Detection Methods
      Fuzzing
      Detection Method ID:DM-13
      Description:

      Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.

      Effectiveness:High
      Note:

      N/A

      ▼Vulnerability Mapping Notes
      Usage:Allowed
      Reason:Acceptable-Use
      Rationale:

      This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

      Comments:

      Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

      Suggestions:
      ▼Notes
      Research Gap

      This concept needs further study. It is likely a factor in several weaknesses, possibly resultant as well. Overlaps Multiple Interpretation Errors (MIE).

      N/A

      ▼Taxonomy Mappings
      Taxonomy NameEntry IDFitEntry Name
      PLOVERN/AN/AMisinterpretation Error
      Taxonomy Name: PLOVER
      Entry ID: N/A
      Fit: N/A
      Entry Name: Misinterpretation Error
      ▼Related Attack Patterns
      IDName
      ▼References
      Details not found